- log in to the security tooling GCP project
- select IAM & Admin, Service Accounts
- press Create service account
- enter a name, ID, and description for the service account
- press Create and continue
- add the roles listed in Domain Protect GCP
- press Create
- view the newly created service account in the console
- open Cloud Shell
- enter:

```
gcloud iam service-accounts add-iam-policy-binding "[email protected]" \
  --member="principalSet://iam.googleapis.com/projects/PROJECT-NUMBER/locations/global/workloadIdentityPools/github-actions/attribute.repository/YOUR-GITHUB-ORG/domain-protect-gcp-deploy" \
  --role="roles/iam.workloadIdentityUser"
```

- view in console at IAM, Service Accounts
- select Service Account, permissions
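
To check the result of the binding step from Cloud Shell instead of the console, the following added example (not part of the Domain Protect project) audits the JSON printed by `gcloud iam service-accounts get-iam-policy` and reports any `roles/iam.workloadIdentityUser` member other than the one deployment repository, such as a pool-wide `/*` principalSet. The script name `audit_wif.py`, the `SA_EMAIL` placeholder and the sample project number and organisation are assumptions made for illustration.

```python
import json
import re
import sys

ROLE = "roles/iam.workloadIdentityUser"
POOL = "github-actions"  # pool ID used in the binding command on this page
MEMBER_RE = re.compile(
    r"^principalSet://iam\.googleapis\.com/projects/[^/]+/locations/global"
    r"/workloadIdentityPools/(?P<pool>[^/]+)/(?P<selector>.+)$"
)

def audit_policy(policy_json, repository, pool=POOL):
    """Return a list of findings; an empty list means only `repository` is bound."""
    wanted = f"attribute.repository/{repository}"
    findings, seen_wanted = [], False
    for binding in json.loads(policy_json).get("bindings", []):
        if binding.get("role") != ROLE:
            continue
        for member in binding.get("members", []):
            m = MEMBER_RE.match(member)
            if m is None:
                findings.append(f"not a repository-scoped principalSet: {member}")
            elif m["pool"] != pool:
                findings.append(f"unexpected pool: {member}")
            elif m["selector"] == "*":
                findings.append(f"every identity in the pool is allowed: {member}")
            elif m["selector"] != wanted:
                findings.append(f"unexpected selector: {member}")
            else:
                seen_wanted = True
    if not seen_wanted:
        findings.append(f"missing binding for {wanted}")
    return findings

# Constructed sample policy (project number and organisation are made up).
PREFIX = ("principalSet://iam.googleapis.com/projects/123456789012/locations/"
          "global/workloadIdentityPools/github-actions/")
SAMPLE_REPO = "example-org/domain-protect-gcp-deploy"
SAMPLE_POLICY = json.dumps({"bindings": [{"role": ROLE, "members": [
    PREFIX + "attribute.repository/" + SAMPLE_REPO,
    PREFIX + "*",
]}]})

if __name__ == "__main__":
    # Usage (audit_wif.py is a hypothetical file name for this script):
    #   gcloud iam service-accounts get-iam-policy SA_EMAIL --format=json \
    #     | python3 audit_wif.py YOUR-GITHUB-ORG/domain-protect-gcp-deploy
    for finding in audit_policy(sys.stdin.read(), sys.argv[1]):
        print("FINDING:", finding)
```

An empty result means the service account can be impersonated only by workflows in the named repository; any finding lists the exact member to remove or correct.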